News for 042299
contributed by Weld Pond
Yesterday HNN reported that numerous commercial and freeware shopping
carts, when installed incorrectly, can expose customer information.
Information exposed may include name, CC numbers, home address, phone
number, what they ordered, how much they paid, etc. The e-commerce
software creates world readable files in the web server's document tree
which then get indexed by numerous search engines. The products listed
as possibly vulnerable are Selena Sol's WebStore 1.0, Order Form v1.2,
Seaside Enterprises EZMall 2000, QuikStore, PDGSoft's PDG Shopping Cart
1.5, and Mercantec's SoftCart. While this is not a security
vulnerability per se, it is actually a result of incorrectly installing
or configuring the applications. Vendors should take more care when
installing this software so as to prevent this from occurring.
BugTraq Archives - More Details of the problem.
Other news sites have finally picked up the story and claim that they have
found at least 100 vulnerable sites. HNN did a little searching of its own
and found quite a few more than that, revealing thousands upon thousands of
customers' private information.
C|Net
Internet News
Nando Times
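An audit check for the misconfiguration described above, given as an added example that is not part of the original HNN report or of any listed product: it walks a document root and flags data files that carry the world-read bit. The suffix list, the file names and the sample tree are constructed assumptions.

```python
import os
import stat
import tempfile

# Assumption: suffixes that usually hold data rather than pages meant for visitors.
DATA_SUFFIXES = (".log", ".txt", ".dat", ".csv", ".db")

def find_exposed(docroot, suffixes=DATA_SUFFIXES):
    """Return sorted relative paths of world-readable data files under docroot."""
    exposed = []
    for dirpath, _dirs, files in os.walk(docroot):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks, sockets, devices
            if name.lower().endswith(suffixes) and st.st_mode & stat.S_IROTH:
                exposed.append(os.path.relpath(path, docroot))
    return sorted(exposed)

def build_sample_tree(root):
    """Constructed sample: a cart that writes its order log inside the document tree."""
    layout = {
        "index.html": 0o644,               # public page, expected to be readable
        "cgi-bin/cart/orders.log": 0o644,  # order data, world readable: the reported problem
        "cgi-bin/cart/config.dat": 0o600,  # owner-only, not flagged
    }
    for rel, mode in layout.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("constructed sample\n")
        os.chmod(path, mode)
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for rel in find_exposed(build_sample_tree(tmp)):
            print("world-readable data file in document tree:", rel)
```

A file owned by the web server's own user is still served without the world-read bit, so the check catches the permission pattern reported here but is no substitute for keeping order data outside the document tree.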
|
contributed by Lam3r
Patuxent River Naval Air Station has suffered a spam attack directly from
Yugoslavia. Security was not breached or systems disrupted as a result of
the 'attack'. Reports indicate that they received a total of 200 emails
with the words "Serbia is here." (I'm sorry, 200? That's it? Hell, I
get that much spam every day. Hmmm, maybe I am under attack? Quick, call
the FBI!)
DesertNews
CNN
|
contributed by HawK
Deputy secretary of defense, John Hamre, has stated that the current
NATO/US conflict with Yugoslavia is the country's first cyberwar. However,
he has labeled most of the 'attacks' as "very incoherent and
amateurish." (I'll agree with the last part, but calling them
'attacks'? When a mosquito bites, are you being attacked by insects?)
Hamre went on to say that the debate over unregulated encryption of
private communications is a false debate fostered by "cyber
libertarians," adding "we know how to protect civil liberties."
Yahoo PR
News Wire
|
contributed by Phr33k
Version 1.03 of PhoneSweep, a commercial war dialer, has been released
with new features. These include support for up to eight simultaneous
modems, an improved user interface, and more. (Multiple modems is nice,
but that means multiple phone lines. Thanks, but I think I'll stick
with reliable, user tested, free, Tone-Loc)
Excite Business Wire
Sandstorm Enterprises
|
contributed by Anonymous
Seagate joins the ranks of recent e-mail snafus when it emails 1,500 email
addresses to 1,500 customers and resellers and blames "clerical error" as
the cause. (Ed Note: Putting 1,500 addresses in the To: field instead of
the bcc: field is more than just "clerical error". Personally I call that
stupidity.)
C|Net
|
contributed by Space Rogue
A former state legislator in Germany blamed "computer hackers" for making
$15,000 in phone calls to phone sex numbers from his office. The judge
didn't believe that hackers had anything to do with it and felt that
Hans Wallner made all 405 calls himself.
Yahoo Daily News
|
contributed by Anonymous
Cracked
The following sites have been reported as Cracked
http://www.kapo.ch
http://www.gr.ch
http://www.klosters.ch
http://www.progressive.ch
http://www.ci.fort-collins.co.us/
http://memex.lib.indiana.edu/
http://cddocs.fnal.gov
http://www.tang.com.au/
http://www.ciudadfutura.com
http://www.perlas.com.mx
http://www.naughtytalk.com